Noel et al, > As far as I'm concerned, no one --- not me, not you, not Peter, no one --- > should be submitting changes to the wire-level-protocol syntax and > semantics > without documenting the relevant RFC issues. If there is disagreement on > how to interpret the RFC, we can check with other sources. But this is > not > a subjective matter. There may be options that render multiple choices > correct, but that also needs to be demonstrated from the RFC.
The only statement on reauthentication in the RFC is the following: "If a client attempts to reauthenticate, the server may return 482 response indicating that the new authentication data is rejected by the server." This is a MAY, not a MUST, so it is indeed optional. It would certainly be possible to make this configurable. I chose to implement the specified behavior, because that's what is discussed in the RFC. Note that this is not a regression. Since the AuthService never worked - try having two different authenticated users on James 2.0a3 and see what happens when you do a re-authentication. Bad, bad things happen. --Peter -- To unsubscribe, e-mail: <mailto:james-dev-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:james-dev-help@;jakarta.apache.org>
